The Virtual CISO with Steve King


How Deception Technologies Enable Proactive Cyberdefense

Sizing Up the Important Role the Technologies Can Play

As organizations come to grips with the realities of the current state of cybersecurity, more are considering leveraging deception technologies. They're seen as a way to shift away from a purely defensive "detect and respond" posture toward a more proactive approach that draws stealthy cyberattackers into the open before a breach.


Deception as a tactic has been around since the early days of honeypots. But today's new, much more powerful, deception technologies leverage artificial intelligence and machine learning to enable the automated deployment of fake content, lists, databases and access points that play directly into the attackers' desires and then trap them into false storage or network areas and occupy them until the threat can be contained.


Older generations of deception technologies called for deployment and monitoring, which required a dedicated team of forensics analysts to properly operate and deploy. Modern versions can easily auto-generate fake targets based upon scans of actual network segments, artifacts and databases. And they can deploy mock networks running on the same infrastructure.

Among the companies offering the technologies are Acalvio, Attivo Networks, Cymmetria, Illusive Networks, Smokescreen and TrapX Security.

No False Positives

Because the fake targets are never accessible by legitimate users, there are no false positives to deal with, no alert fatigue to drain resources and no lag time for notification of probable malicious intrusions.

In addition, the machine learning components can be modeled to dynamically recreate new deceptive network models - either randomly or on a fixed schedule - to ensure that savvy intruders are continually outwitted even if they suspect that deception technologies have been deployed.

The other good news is that most modern deception platforms can be mapped and deployed in a couple of hours and are easily configurable to target specific assets and network segments for replication as decoys.
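The "no false positives" property above comes down to one rule: a decoy is never touched by legitimate users, so any touch is an alert. The following added example (not from the column or any vendor product; the decoy inventory and log lines are constructed) applies that rule to a few access-log lines and also measures how quickly each source was caught, which is the figure to compare against the breakout time discussed later.

```python
from datetime import datetime

# Constructed decoy inventory: hosts and credentials that no legitimate user or
# process is ever given. Assumptions for this example, not a real deployment.
DECOY_HOSTS = {"10.0.5.23", "10.0.5.24"}
DECOY_USERS = {"svc_backup_old"}

# Constructed sample log, one access per line: "<timestamp> <src_ip> <user> -> <dst_ip>"
SAMPLE_LOG = """\
2023-03-01T09:00:00 10.0.1.15 alice -> 10.0.2.10
2023-03-01T09:05:12 10.0.1.15 alice -> 10.0.2.11
2023-03-01T09:40:03 10.0.1.15 svc_backup_old -> 10.0.5.23
2023-03-01T09:41:30 10.0.1.15 alice -> 10.0.5.24
2023-03-01T10:00:00 10.0.1.20 bob -> 10.0.2.10
"""

def parse(line):
    ts, src, user, _, dst = line.split()
    return datetime.fromisoformat(ts), src, user, dst

def is_decoy_touch(user, dst):
    return dst in DECOY_HOSTS or user in DECOY_USERS

def decoy_hits(log_text):
    """Every access that reached a decoy host or used a decoy credential.
    Legitimate traffic (alice and bob on 10.0.2.x) never matches, so each
    returned record is a high-confidence alert, not a candidate to triage."""
    hits = []
    for line in log_text.splitlines():
        ts, src, user, dst = parse(line)
        if is_decoy_touch(user, dst):
            hits.append({"time": ts, "src": src, "user": user, "dst": dst})
    return hits

def time_to_detection(log_text):
    """Minutes from a source's first observed activity to its first decoy touch,
    keyed by source IP. Sources that never touch a decoy are absent."""
    first_seen, first_hit = {}, {}
    for line in log_text.splitlines():
        ts, src, user, dst = parse(line)
        first_seen.setdefault(src, ts)
        if is_decoy_touch(user, dst) and src not in first_hit:
            first_hit[src] = ts
    return {src: (first_hit[src] - first_seen[src]).total_seconds() / 60
            for src in first_hit}
```

Running it on the sample flags only the two accesses from 10.0.1.15 that reach the decoys, and reports that source as detected about 40 minutes after it was first seen.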

Proactive Approach

The objective of moving toward a proactive defense strategy is to assume that an attack will occur, rather than focusing solely on prevention and response. The application of deception technologies allows organizations to leverage the existing network infrastructure to detect intruders early, thus reducing the attack surface and enabling the collection of adversarial threat intelligence along the way.

The quality of this form of threat intelligence is a marked improvement over the minimally useful data organizations are usually able to collect following a disrupted attack. That post-attack data rarely provides sufficient insights into techniques and tactics that would help remediate an attack fully or prepare against a similar attack in the future. And it makes verification that the attackers' tools have been removed from the network virtually impossible.

Quick Detection Essential

Crowdstrike reports that the average "breakout time" following a successful attack is 1 hour and 58 minutes. That's the amount of time between when an intruder gets on a machine, whether it's through spear phishing or some sort of strategic web compromise, and when they break out of the beachhead they've established and compromise other systems, Crowdstrike explains.

Clearly, detecting an adversary quickly has never been more critical.

Implementing deception technologies not only turns the tables on attackers during their initial access forays, as they attempt to locate targeted assets, but also avoids the conventional challenges and expenses of implementing and integrating the point solutions that manage access to the computing environment.

The expanding adoption of cloud infrastructure, global access requirements and the explosion of connected devices all compound to place an enormous burden on conventional security solutions and human response teams, neither of which can keep pace or scale to manage this expanding threat landscape.

Organizations can no longer depend only on cybersecurity point solutions because serious attackers can easily bypass these defenses. Deception technologies enable the sort of proactive defense strategy that the industry can easily adopt to help to reduce data breaches.

About the Author

Steve King


Director, Cybersecurity Advisory Services, Information Security Media Group

King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 19 years. He has founded nine startups, including Endymion Systems and seeCommerce. He has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, including Netswitch Technology Management. He also served as CIO for Memorex and was the co-founder of the Cambridge Systems Group. He has been granted engineering patents encompassing remote access multi-factor authentication using adaptive machine learning, applied cyber-threat intelligence networks, a universal IoT security architecture, contextual semantic search technologies, web-enabled multimedia transfers, image capture and database smart query processing.
